Federal (Canada) Privacy Decisions

Browse privacy decisions from Federal (Canada) — with AI-generated plain-language summaries for every ruling.

2 decisions matching

Jurisdiction

Federal (Canada)Ontario British Columbia Alberta Saskatchewan Manitoba Quebec Nova Scotia New Brunswick Prince Edward Island Newfoundland and Labrador

Governing law

ATIA CASL PIPEDA Privacy Act

Outcome

OIC Order (ATIA s.36.1, binding)Well-founded Well-founded & resolved Well-founded & conditionally resolved Well-founded & unresolved Not well-founded Action warranted s.6.1 Application Granted (refusal authorized)s.6.1 Application Denied (must respond)Settled Resolved Early-resolved Discontinued Withdrawn Declined to investigate No jurisdiction

Decision Type

Systemic Investigations

Sort

Default: publication date

Index date

Browse by Year

2026 2025 2024 2023 2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001

Federal (Canada)Personal Information Protection and Electronic Documents ActResolved

Mar 21, 2014Incident Summary #5· Indexed Apr 12, 2026

Incident Summary #5: Life insurance company employs best practices in responding to mass mailing error that risked exposing personal information - March 21, 2014

A life insurance company

A life insurance company discovered a potential breach of personal information when a new envelope design exposed sensitive data, including SINs, of 53 pension plan members. The company took prompt action by notifying affected individuals, offering credit monitoring services, and implementing new security measures to prevent recurrence. The OPC noted the company's response demonstrated best practices in handling such incidents.

Official ↗

Federal (Canada)Personal Information Protection and Electronic Documents ActResolved

Feb 20, 2014Early resolved case summary #10· Indexed Apr 12, 2026

Early resolved case summary #10: Bank improves its credit card account verification practices after challenge from customer - February 20, 2014

A bank

An individual complained that her bank required her to provide the last six digits of her Social Insurance Number (SIN) to set up a verified credit account for online purchases. The complainant believed this collection was unnecessary and sought an alternative. The bank initially maintained its practice but, after being informed of a similar OPC finding regarding transparency, discontinued the practice and updated its website to remove this authentication method. The complaint was resolved.

Official ↗

Outcome Notes

Federal rulings come from two regulators with different statutory authority — outcome filters cover both.

OIC Order (ATIA s.36.1, binding) — Since June 2019 (Bill C-58) the Information Commissioner can issue binding orders requiring disclosure or reconsideration. Enforceable after 31/41 business days unless reviewed by the Federal Court (s.41).

Well-Founded — finding that the complaint is well-founded. For OIC: ATIA s.37(1)(a) finding (may be paired with a s.36.1 order). For OPC: Privacy Act s.35(1) / PIPEDA s.13(1) advisory finding — recommendations only, no binding order-making power.

Not Well-Founded — no contravention found.

s.6.1 Application— the OIC's response to a head's application for authorization to refuse a frivolous, vexatious, or bad-faith access request. Granted = institution may refuse; Denied = institution must respond.

Settled / Resolved / Early-resolved — OPC matter resolved during or before formal findings without a contravention finding.

Declined to investigate / No jurisdiction — Procedural close (Privacy Act s.34, PIPEDA discretion, or scope outside the Acts).

References: ATIA s.36.1 · OPC disposition definitions

About This Archive

Breach of Privacy archives Canadian privacy decisions from federal, provincial, and territorial commissioners. Each decision includes an AI-generated plain-language summary. Always verify against the official source document.

Federal (Canada) Privacy Decisions

Incident Summary #5: Life insurance company employs best practices in responding to mass mailing error that risked exposing personal information - March 21, 2014

Quick View

Incident Summary #5: Life insurance company employs best practices in responding to mass mailing error that risked exposing personal information - March 21, 2014

Early resolved case summary #10: Bank improves its credit card account verification practices after challenge from customer - February 20, 2014

Quick View

Early resolved case summary #10: Bank improves its credit card account verification practices after challenge from customer - February 20, 2014

Filters